使用httpClent 4.x 连接一个需要Signature验证的API 一直返回401
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
X-Application-Context: bootstrap
Authorization: WWW-Authenticate: Signature realm="World-Check One API",algorithm="hmac-sha256",headers="(request-target) host date content-type content-length
Transfer-Encoding: chunked
Date: Fri, 21 Oct 2016 12:36:54 GMT
我确认我的加密方法已经正确,我只是把Signature Authenticate 加到Header,这样是否正确?
// httpClient 连接到url
final HttpGet request = new HttpGet(httpUrl);
request.setHeader("Date", gmtDate);
request.setHeader("Authorization", auth);
final HttpClient client = HttpClientBuilder.create().build();
final HttpResponse response = client.execute(request);
final int statusCode = response.getStatusLine().getStatusCode();
// 加密
private String getSignature(final String dataToSign) {
logger.info("***** dataToSign : " + dataToSign +" *****");
final String signature = Hmac.encodeHmacSHA256(dataToSign.getBytes(), apiSecret.getBytes());
logger.info("***** signature : " + signature +" *****");
return signature;
}
// 拼装成Authorisation
private String getAuthorisation(final String signature) {
final StringBuffer sb = new StringBuffer("");
sb.append("Signature keyId=\"").append(apiKey);
sb.append("\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"");
sb.append(signature).append("\"");
logger.info("***** dataToSign : " + sb.toString() +" *****");
return sb.toString();
}
